On May 21, 2007, at 21:50, Daniel O'Connor wrote:
> On Tuesday 22 May 2007 05:10, Matthew Schumacher wrote:
>> I'm getting some spammer trying to guess usernames and passwords:
>
> I use the following to protect my SSH server (well not the SSH server
> per se, just me reading logfiles the next day)
> http://www.gsoft.com.au/~doconnor/brute-force-mitigation.html
>
> Needs PF though.

I take the approach of having a perl script (yay! File::Tail) sit and
watch the logs on each server looking for signs of ssh (could easily
be used for other things like pop as well) brute force attacks. A
certain # of failed logins in a time window from a single IP will
cause that IP to get blocked by ipfilter for an appropriate period of
time, after which the block is removed. This stops most of your
brute-force guessers; after a few tries of having their packets end
up on the floor, they go away.
-rob
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
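
The log-watching approach described in the message above, as an added example (not the Perl script mentioned in the thread, and not code from any poster): Python that counts failed sshd logins per source IP in a sliding window and emits block and unblock decisions. The log lines are constructed, the thresholds and the name `scan_failures` are assumptions, and the actual ipfilter call is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (RFC 5737 test addresses).
SAMPLE_LOG = """\
May 22 05:10:01 mail sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2
May 22 05:10:05 mail sshd[412]: Failed password for invalid user test from 192.0.2.10 port 4102 ssh2
May 22 05:10:07 mail sshd[413]: Accepted password for rob from 198.51.100.7 port 5001 ssh2
May 22 05:10:09 mail sshd[414]: Failed password for root from 192.0.2.10 port 4103 ssh2
May 22 05:10:12 mail sshd[415]: Failed password for root from 192.0.2.10 port 4104 ssh2
May 22 05:12:30 mail sshd[416]: Failed password for rob from 198.51.100.7 port 5002 ssh2
May 22 05:21:00 mail sshd[417]: Failed password for rob from 198.51.100.7 port 5003 ssh2
"""

# Anchored at end of line with a greedy username match, so the address taken
# is the one sshd appended, never text that arrived inside the username field.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def scan_failures(lines, max_failures=3, window=timedelta(seconds=60),
                  block_for=timedelta(minutes=10), year=2007):
    """Return ([(time, 'block'|'unblock', ip), ...], {ip: expiry still active})."""
    recent, blocked, events = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        # Classic syslog timestamps carry no year; the caller supplies it.
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Lift expired blocks (a live watcher would also do this on a timer).
        for addr, until in sorted(blocked.items(), key=lambda kv: kv[1]):
            if until <= now:
                events.append((until, "unblock", addr))
                del blocked[addr]
        if ip in blocked:
            continue  # already dropped at the firewall; late log lines ignored
        q = recent[ip]
        q.append(now)
        while now - q[0] > window:  # discard failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = now + block_for
            events.append((now, "block", ip))
            q.clear()
    return events, blocked

if __name__ == "__main__":
    for when, action, ip in scan_failures(SAMPLE_LOG.splitlines())[0]:
        print(when, action, ip)
```

Each returned event is where the caller would add or remove the firewall rule; the single failures from 198.51.100.7 stay under the threshold and never trigger a block.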